[JDK-8273747] Grant JWS JavaFX apps access to Windows trust store - Java Bug System

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P3
Resolution: Fixed
Affects Version/s: 8u202
Fix Version/s: 8u341
Component/s: deploy
Labels:

Subcomponent:
webstart
Resolved In Build:
b01
Verification:
Verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8284589	8u331	Anton Litvinov	P3	Resolved	Fixed	b31
JDK-8280763	8u321	Alexey Ivanov	P3	Resolved	Fixed	b33

Description

A JNLP app that uses JavaFX (that uses <jfx:javafx-runtime version="2.2+"/> tag in its <resources> element) does not take into account certificates from Windows Certificate store.

The JNLP app is hosted on a server that uses an SSL certificate that is issued by an internal Certification Authority (CA). When Java establishes the connection to the server, it cannot find a trusted root certificate and displays a security warning dialog with the message “The connection to this website is untrusted” and asks the user to confirm they trust the certificate.

The root certificate of the CA is installed into "Trusted Root Certification Authorities" store in the Windows trust store.

Regular Java Web Start apps (JNLP) as well as applets load the certificates from the Windows trust store and no security warning is displayed: the SSL certificate of the server is trusted because Java can find a trusted root certificate. It's the expected behaviour.

But it does not happen if the app uses JavaFX.
Only JavaFX apps are affected.

Attachments

Issue Links

backported by

JDK-8280763 Grant JWS JavaFX apps access to Windows trust store

Resolved

JDK-8284589 Grant JWS JavaFX apps access to Windows trust store

Resolved

Activity

People

Assignee:: Alexey Ivanov

Reporter:: Shadow Bug

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2021-09-14 12:08

Updated:: 2022-04-11 08:21

Resolved:: 2022-01-26 04:23